Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
drupal drupal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x prior to 2.1.1 and 3.x prior to 3.1.1 for TYPO3 does not prevent directory traversal, which allows malicious users to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar...
Typo3 Pharstreamwrapper
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Drupal Drupal
Joomla Joomla\\!
7.5
CVSSv2
CVE-2019-6339
In Drupal Core versions 7.x before 7.62, 8.6.x before 8.6.6 and 8.5.x before 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) ma...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
7.5
CVSSv2
CVE-2017-6925
In versions of Drupal 8 core before 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access r...
Drupal Drupal
7.5
CVSSv2
CVE-2017-6920
Drupal core 8 prior to 8.3.4 allows remote malicious users to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations.
Drupal Drupal
2 Github repositories
7.5
CVSSv2
CVE-2018-7602
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows malicious users to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal co...
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
2 EDB exploits
8 Github repositories
7.5
CVSSv2
CVE-2014-5170
The Storage API module 7.x prior to 7.x-1.6 for Drupal might allow remote malicious users to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003.
Drupal Storage Api 7.x-1.5
Drupal Storage Api 7.x-1.3
Drupal Storage Api 7.x-1.1
Drupal Storage Api 7.x-1.0
Drupal Storage Api 7.x-1.x-dev
Drupal Storage Api 7.x-1.4
Drupal Storage Api 7.x-1.2
7.5
CVSSv2
CVE-2018-7600
Drupal prior to 7.58, 8.x prior to 8.3.9, 8.4.x prior to 8.4.6, and 8.5.x prior to 8.5.1 allows remote malicious users to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Drupal Drupal
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
3 EDB exploits
62 Github repositories
2 Articles
7.5
CVSSv2
CVE-2015-7877
Multiple SQL injection vulnerabilities in the User Dashboard module 7.x prior to 7.x-1.4 for Drupal allow remote malicious users to execute arbitrary SQL commands via unspecified vectors.
User Dashboard Project User Dashboard 7.x-1.x-dev
User Dashboard Project User Dashboard 7.x-1.3
User Dashboard Project User Dashboard 7.x-1.2
7.5
CVSSv2
CVE-2016-3187
The Prepopulate module 7.x-2.x prior to 7.x-2.1 for Drupal allows remote malicious users to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter.
Prepopulate Project Prepopulate 7.x-2.0
Prepopulate Project Prepopulate 7.x-2.x
7.5
CVSSv2
CVE-2016-3188
The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x prior to 7.x-2.1 for Drupal allows remote malicious users to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently ...
Prepopulate Project Prepopulate 7.x-2.x
Prepopulate Project Prepopulate 7.x-2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »